When are passwords saved?

When you enter your password on a website, Yandex.Browser offers to save it for you. For future visits to this site, your saved password will be entered for you automatically.

How can I turn off saving passwords?

If you do not want Yandex.Browser offer to save passwords:

click the icon → Settings.

In the lower half of the Settings page, click Show advanced settings.

In the Passwords and forms section, disable the Offer to saved website passwords option.

Websites for which passwords may or may not be saved

To view the list of websites for which you have allowed or not allowed passwords to be saved:

click the icon → Settings.

In the lower half of the Settings page, click Show advanced settings.

In the Passwords and forms section, click Manage passwords.

In the Passwords window under the Don't save passwords for these sites section, you will see a list of websites where you do not allow passwords to be saved. In the Saved website passwords section you will see a list of websites that Yandex.Browser has saved passwords for.

To delete a password from the list:

Click in the line with the corresponding site address.

Click Done.

If you forgot the password

If you forgot a password but it is saved in Yandex.Browser, you can view it in the settings:

click the icon → Settings.

In the lower half of the Settings page, click Show advanced settings.

In the Passwords and forms section, click Manage passwords.

In the Saved passwords section, click the line with the desired website.

In the box with the password, click the button Show.

Enter your account password in the window that appears and click OK.

The box will display the password from the website.

To make the password hidden again, click Hide in the box with the password.

Password phishing protection

Phishing. Hackers can create websites that look very similar to real ones . The user believes that this is a familiar website and enters a password. The malicious user gets the password and can use it to steal personal data or money.

Identical passwords. This is a serious security threat. By getting the password to one account, an attacker can gain access to all the other accounts.

For example, if you use the same password for your online bank and for an online store, employees of the online store, unknown to you, can get access to your personal bank account.

It is particularly dangerous to use the same password for HTTPS and HTTP websites. As passwords for HTTP websites are not encrypted, they can be intercepted by hackers who can use these passwords on an HTTPS website to steal personal data or money.

Note. Yandex.Browser protects passwords to popular websites such as VK or Mail.ru. The browser makes a list of important websites, but you can add websites you need (for example, a website where you make online payments).

How this protection works

Once you enter a password on an important website, Yandex.Browser uses it to create a fingerprint (hash) and saves it in its database. When you enter passwords on other websites, the browser will compare their hashes with the database. If a match is found, before sending a password to the server the browser will ask you to confirm that you want to use the same password on several websites:

Adding a website to secured sites

Right-click on the website page.

In the context menu, select View Page Info. A window will appear on the screen listing all permissions for this page.

Enable Password phishing protection.

Disable protection

Attention! This is not recommended, as it will be easier for malicious users to access your personal information.

click the icon → Settings.

In the lower half of the Settings page, click Show advanced settings.

In the Passwords and forms section, disable the Phishing protection option.

You can also delete all password hashes. To do this click Clear data.

Password hashing in Yandex.Browser

Passwords for important sites are saved by Yandex.Browser as hashes. Because passwords are not stored as plain text, malicious users will not be able to get access to your personal information even if they steal the password database.

Cryptographic hashing helps transform a password into a unique character sequence that can be easily used for password identification, but it is practically impossible to restore an original password using it. For example, the string “hello” after hashing can be transformed into the sequence “2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824”.

Yandex.Browser uses the SCrypt algorithm for hashing. This algorithm generates a hash using not only the central processor, but also multiple read/write operations in the memory. Such an approach makes it difficult to crack passwords, so as an example, a hacker will not be able to speed up brute force hacking using the video card processor. The SCrypt algorithm is used, for example, in LiteCoin crypto currency.

As a result, it will take a malicious user more than 100 years to match a six-digit password, including uppercase letters, lowercase letters, numbers, and special characters.